     <?php

	 include('config.php');

                    //strip all HTML tags
                    //and get rid of any quotes to prevent
                    //SQL injection
                    $message = secure($_POST['message']);
                    $name = secure($_POST['name']);
                    $time = time();

                    //use an array to store all error messages
                    $error_msg = array();
                    if (empty($message)) {
                        $error_msg[] = "Please enter a message!<br />";
                    }
                    if (empty($name)) {
                        $error_msg[] = "Please enter a name!<br />";
                    }
                    //print the errors
                    if (count($error_msg) > 0) {
                        echo "<strong>ERROR:</strong><br>n";
                        foreach ($error_msg as $err)
                            echo "$err";
                    }
                    //else, everything is ok, enter it in the DB
                    else {
                        $query = mysql_query("INSERT INTO page_comments VALUES (NULL,'$id','$name', '$message', '$time')") or
                            die(mysql_error());
                    }
					
					?>